author | Seth Mos <seth.mos@xs4all.nl> | 2007-07-09 12:44:29 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2007-07-09 12:44:29 +0000 |
commit | 7b869816068b18f2623a15befbe3d7a51a7a5be4 (patch) | |
tree | c1ccf4a9f5efe1c8e82905ddd303630152299fee | |
parent | d852c5260a0e8800762d8a489d6ecaabca40506a (diff) | |
Do not allow duplicate remote subnets or duplicate remote gateways in
the tunnel configuration; duplicates result in 2 non-working tunnels.
-rwxr-xr-x | usr/local/www/vpn_ipsec_edit.php | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/usr/local/www/vpn_ipsec_edit.php b/usr/local/www/vpn_ipsec_edit.php
index 9261734..bee6c6a 100755
--- a/usr/local/www/vpn_ipsec_edit.php
+++ b/usr/local/www/vpn_ipsec_edit.php
@@ -169,12 +169,36 @@ if ($_POST) {
 if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet'])) or $_POST['remotenet'] == "0.0.0.0") {
 /* allow 0.0.0.0 remote net usage */
 if($_POST['remotenet'] <> "0.0.0.0")
- $input_errors[] = "A valid remote network address must be specified.";
+ $input_errors[] = "A valid remote network address must be specified.";
+ }
+ if (($_POST['remotenet'] && is_ipaddr($_POST['remotenet']) && !isset($_POST['disabled']) )) {
+ $t = 0;
+ foreach($a_ipsec as $tunnel) {
+ if($id <> $t) {
+ $tremotecidr = $pconfig['remotenet'] ."/". $pconfig['remotebits'];
+ if(($tunnel['remote-subnet'] == $tremotecidr) && !isset($tunnel['disabled'])) {
+ $input_errors[] = "The remote network \"$tremotecidr\" is already used by tunnel \"${tunnel['descr']}\".";
+ }
+ }
+ $t++;
+ }
 }
 if (($_POST['remotegw'] && !is_ipaddr($_POST['remotegw']))) {
 if(is_domain($_POST['remotegw']) == false)
 $input_errors[] = "A valid remote gateway address must be specified.";
 }
+ if (($_POST['remotegw'] && is_ipaddr($_POST['remotegw']) && !isset($_POST['disabled']) )) {
+ $t = 0;
+ foreach($a_ipsec as $tunnel) {
+ if($id <> $t) {
+ $tremotegw = $pconfig['remotegw'];
+ if(($tunnel['remote-gateway'] == $tremotegw) && !isset($tunnel['disabled'])) {
+ $input_errors[] = "The remote gateway \"$tremotegw\" is already used by tunnel \"${tunnel['descr']}\".";
+ }
+ }
+ $t++;
+ }
+ }
 if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) {
 $input_errors[] = "A valid IP address for 'My identifier' must be specified.";
 } |
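Review bot: The self-exclusion test `if($id <> $t)` in both new loops is a loose comparison, so when `$id` is unset (presumably the case when a new tunnel is being added; its assignment is outside this hunk) PHP treats it as equal to 0 and the tunnel at index 0 is never checked for a duplicate remote subnet or gateway. A guard such as `if (!isset($id) || (string)$id !== (string)$t) {` would skip only the entry actually being edited. The gateway check also runs only when `remotegw` passes `is_ipaddr()`, so a gateway given as a hostname (accepted by the `is_domain()` branch just above) is never compared against existing tunnels. The comparisons read `$pconfig[...]` while the conditions validate `$_POST[...]`, which is correct only if `$pconfig` was filled from `$_POST` earlier in the enclosing `if ($_POST) {` block, which starts and ends outside the hunk.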